Techniques for assuring a receiver's non-repudiation of a communication are provided via cooperation with a secure device. A secure device operates within a local environment of a receiver and exchanges certificates with a sender via the receiver. The sender encrypts data in a communication with the receiver. Separately, the sender sends an encrypted version of a decryption key to the receiver. The receiver presents the encrypted version of the key to the secure device and the secure device supplies the decryption key for use by the receiver to decrypt the previously sent encrypted data.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A device-implemented method to execute on a secure device, comprising: exchanging, by the secure device, certificates with a sender via a receiver, the sender and the receiver are to engage in a communication with one another, the sender certificate includes a public key of the sender and the secure device certificate includes a public key of the secure device; recording, by the secure device, an exchange date and time the exchange took place with the sender in an encrypted format using a private key of the secure device; supplying, by the secure device, a decrypted version of an encrypted key to the receiver, when the receiver presents the encrypted key, the receiver makes a specific request of the secure device via the encrypted key, and the receiver uses the decrypted version to complete the communication by decrypting data that had been encrypted within the communication, the secure device is a tamper resistant device that is prefabricated with the private key that when provided provides administrative access to the secure device, the secure device is situated within a local environment to the receiver; and interacting, by the secure device, with the sender permitting the sender to perform an audit to establish that the receiver did receive the decrypted version of the encrypted key from the secure device.
2. The method of claim 1 further comprising, recording, by the secure device, a decryption date and time that the decrypted version of the encrypted key was supplied to the receiver, if the receiver had presented the encrypted key.
3. The method of claim 2 further comprising, reporting, by the secure device, at least one of the exchange date and time and the decryption date and time to an authorized requestor.
4. The method of claim 1 further comprising, authenticating, by the secure device, the receiver for access before processing the method.
5. The method of claim 1 further comprising, encrypting, by the secure device, the exchange date and time with a public key of the receiver.
6. The method of claim 1 further comprising, simultaneously supporting, by the secure device, other additional receivers and their communications with other senders at a same time that the receiver and its communication with the sender is being processed.
7. The method of claim 1, wherein supplying further includes, decrypting the encrypted key with a private key associated with the method and a public key associated with the sender, if the encrypted key is presented by the receiver.
8. A method, comprising: requesting a device certificate that is received from a receiver, the device certificate is associated with a secure device residing in the environment of the receiver, the secure device is a tamper resistant device prefabricated with a private key that when provided provides administrative access to the secure device, the secure device is interfaced to the local networked environment of the receiver; supplying a certificate of the method to the secure device via the receiver, that certificate including a public key of the method; recording the device certificate that was received from the receiver, the device certificate received from the receiver and indirectly from the secure device, the device certificate including a public key of the secure device; commencing a communication with the receiver, a closing interaction includes an encrypted key, which when decrypted by the secure device provides a key to decrypt encrypted data included with the communication, the encrypted key supplied to the receiver and the receiver presents the encrypted key as a request to the secure device for decryption; and interacting with the secure device to establish that the receiver received a decrypted version of the encrypted key from the secure device.
9. The method of claim 8 further comprising: receiving a repudiation from the receiver; and inspecting the secure device to determine if a decrypted version of the encrypted key was supplied by the secure device to the receiver, and if so disputing the repudiation by the receiver.
10. The method of claim 8, wherein commencing further includes encrypting a decryption key to produce the encrypted key, wherein the decryption key is encrypted with the public key of the secure device acquired with the device certificate.
11. The method of claim 8, wherein recording further includes storing a date and time that the device certificate was received from the receiver.
12. The method of claim 11 further comprising, presenting the date and time to the receiver if the receiver attempts to repudiate the communication.
13. The method of claim 8, wherein commencing further includes: transmitting encrypted data, which is encrypted with a decrypted version of the encrypted key; verifying a first return signature from the receiver indicating the encrypted data was received by the receiver; and sending the encrypted key with the closing interaction.
14. The method of claim 13 further comprising: determining if a second return signature is received from the receiver and if so attempting to verify that signature, and if verified determining that the communication completed successfully; and determining if either the second return signature was not received or if the second return signature was not verified, and if this is the case, requesting inspection of the secure device from the receiver.
15. An apparatus, comprising: storage; and a processor having instructions to be processed thereon, the storage is to house certificates of one or more senders involved in communications with one or more receivers and is to house encryption keys associated with those communications, each certificate including a particular public key used by a particular sender, and the instructions when processed by the processor are to decrypt the encryption keys upon request of the one or more receivers and provide the decrypted versions to the receivers, the receivers directly interact with the apparatus and senders indirectly communicate with the apparatus via the receivers, the apparatus is tamper resistant and prefabricated with a private key that when provided provides administrative access to the apparatus, and the apparatus is to be interfaced to local networked environments of the one or more receivers and the apparatus to permit the senders to audit the apparatus to establish whether the receivers acquired the decrypted versions of the encryption keys from the apparatus, the receivers provide the encrypted keys to the apparatus as requests and in response the apparatus provides the decrypted versions of the encrypted keys back to the receivers.
16. The apparatus of claim 15, wherein the apparatus is a Universal Serial Bus (USB) device that is adapted to be interfaced to machines or servers associated with the one or more receivers.
17. The apparatus of claim 15, wherein the storage is at least one of volatile and non-volatile memory.
18. The apparatus of claim 15, wherein the instructions are to record within the storage dates and times in which the decrypted versions of the encrypted keys are supplied to the one or more receivers.
19. The apparatus of claim 15, wherein the instructions are to record within the storage dates and times in which the certificates were received.
20. The apparatus of claim 19, wherein the instructions are to provide read access to the storage for authenticated requestors, and wherein the instructions are to provide read and write access to a manufacture administrator that supplies a private key, which was prefabricated within the storage of the apparatus.
21. A system, comprising: a sender communication service; a receiver communication service; and a secure device, the secure device is to be interfaced within a local environment of the receiver communication service and is to decrypt an encrypted key supplied to the secure device from the receiver communication service, the receiver communication service is to receive the encrypted key in a communication with the sender communication service and via a sender certificate that also includes a public key of the sender communication service, the secure device is tamper resistant and is prefabricated with a private key that when provided grants administrative access to the secure device and the secure device is to be interfaced to the local environment of the receiver that the receiver is locally networked to, and the secure device is to permit the sender communication service to audit the secure device to establish that the receiver communication service received a decrypted version of the encrypted key from the secure device, the receiver communication service presents the encrypted key to the secure device and in response the secure device provides back to the receiver communication server the decrypted version of the encrypted key.
22. The system of claim 21, wherein the secure device is to communicate with the sender communication service via the receiver communication service.
23. The system of claim 22, wherein the secure device is to exchange certificates with the sender communication service, and wherein the public key of the sender communication service and a private key of the secure device is to be used by the secure device to decrypt the encrypted key.
24. The system of claim 23, wherein the secure device is to supply a date and time to an authorized requestor.
25. The system of claim 21, wherein the secure device is to record a date and time that the decrypted key is supplied to the receiver communication service.
26. The system of claim 21, wherein the secure device is password protected.
27. The system of claim 21, wherein the secure device is portable and is removable from the local environment of the receiver communication service.
28. The system of claim 21, wherein the secure device is to support a plurality of additional instances of the receiver communication service, which are associated with different receivers.
29. The system of claim 21, wherein the secure device is to support a plurality of additional instances simultaneously or in parallel.
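The flow described in the abstract and in claims 1, 2, 8 and 9, as an added simulation that is not part of the patent: the sender wraps a message key for the secure device, the receiver can only read the data by presenting the wrapped key to the device, the device logs each unwrap, and the sender later audits that log to dispute a repudiation. The RSA parameters, the SHA-256 keystream cipher, the receiver identifier and the message key are constructed toy values for illustration only.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

# Toy RSA key "prefabricated" into the secure device (constructed; far too small for real use).
P, Q, E = 61, 53, 17
N = P * Q                             # device public modulus, published in its certificate
D = pow(E, -1, (P - 1) * (Q - 1))     # device private exponent, never leaves the device


def stream_xor(key: int, data: bytes) -> bytes:
    # Symmetric bulk encryption for the communication: XOR with a SHA-256 keystream.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key.to_bytes(4, "big") + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


@dataclass
class SecureDevice:
    priv: int = D
    log: list = field(default_factory=list)   # (receiver, encrypted_key, decryption time)

    def unwrap(self, receiver: str, encrypted_key: int) -> int:
        # Receiver presents the encrypted key as its request (claim 1); device decrypts it
        # and records the decryption date and time (claim 2).
        key = pow(encrypted_key, self.priv, N)
        self.log.append((receiver, encrypted_key, time.time()))
        return key

    def audit(self, encrypted_key: int) -> list:
        # Sender inspects the device: was this encrypted key ever supplied, and to whom?
        return [r for r in self.log if r[1] == encrypted_key]


def sender_send(plaintext: bytes, device_pub: int):
    # Sender picks a message key, encrypts the data with it, and wraps the key for the device only.
    msg_key = secrets.randbelow(device_pub - 2) + 2    # constructed: must be < N for toy RSA
    return stream_xor(msg_key, plaintext), pow(msg_key, E, device_pub)


def receiver_open(device: SecureDevice, ciphertext: bytes, encrypted_key: int) -> bytes:
    # Receiver cannot read the data without asking the device, which leaves an audit record.
    return stream_xor(device.unwrap("receiver-1", encrypted_key), ciphertext)


def dispute_repudiation(device: SecureDevice, encrypted_key: int) -> bool:
    # Claim 9: the sender disputes a repudiation if the device shows the key was supplied.
    return len(device.audit(encrypted_key)) > 0
```

Until the receiver calls the device, the audit finds no record and a repudiation stands; once the data has been decrypted, the device log proves the receiver obtained the key.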
May 9, 2006
May 1, 2012